Malware Writers Infect Android Apps With Crypto-Currency Mining Code

Malware writers have found a way to make money from the processing power of millions of smartphone users' devices: a new malware family turns infected phones into crypto-currency mining tools. Researchers at TrendLabs spotted it. The malware mines several digital currencies, including Bitcoin, Litecoin and Dogecoin. According to the researchers, it was originally found in repackaged copies of apps such as Football Manager Handheld and TuneIn Radio, distributed outside the Google Play Store. Once installed, the app uses the Android device's hardware for mining, which reduces battery life and increases wear and tear, and could shorten the device's lifespan.

The apps were modified to include mining code taken from a legitimate Android virtual currency mining app. The code is based on the cpuminer software. To conceal it, the Google Mobile Ads portion of the app was customized.

The customized Google Mobile Ads code

Mining runs as an ongoing background service once the device is connected to the internet. According to TrendLabs, the malware ANDROIDOS_KAGECOIN.HBT is configured to download a file that updates the miner's configuration, which enabled the developer to switch from a Dogecoin to a Bitcoin mining pool.

Coin pool configuration code
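A defender triaging a repackaged APK can look for the strings a cpuminer-derived payload needs, as in this added example (not code from TrendLabs or from the malware). The indicator strings are assumptions based on the Stratum and getwork pool protocols that cpuminer speaks, and the sample APKs, pool host and file names are constructed.

```python
import io
import re
import zipfile

# Assumed indicators (not from the TrendLabs report): strings that
# cpuminer-derived code carries to talk to a mining pool.
POOL_URL = re.compile(rb"stratum\+tcp://[\w.\-]+(?::\d+)?")
PROTOCOL_MARKERS = (b"mining.subscribe", b"mining.authorize", b"getwork", b"cpuminer")
CODE_SUFFIXES = (".dex", ".so")  # Dalvik bytecode and native libraries


def scan_apk(apk_bytes):
    """Map each code file with hits to the pool URLs and markers found in it."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.endswith(CODE_SUFFIXES):
                continue
            blob = apk.read(name)  # decompresses the entry
            urls = sorted({m.decode() for m in POOL_URL.findall(blob)})
            markers = [m.decode() for m in PROTOCOL_MARKERS if m in blob]
            if urls or markers:
                findings[name] = {"pool_urls": urls, "markers": markers}
    return findings


def verdict(findings):
    """Protocol markers without a pool URL still count: the pool address
    can arrive later in a downloaded configuration file."""
    if any(f["pool_urls"] for f in findings.values()):
        return "miner-with-static-pool"
    return "miner-code-no-static-pool" if findings else "clean"


def build_sample(entries):
    """Build a constructed test APK (a zip archive) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples, not real malware.
CLEAN = build_sample({"classes.dex": b"dex\n035\x00 hello", "res/a.png": b"\x89PNG"})
STATIC_POOL = build_sample(
    {"classes.dex": b"\x00stratum+tcp://pool.example.invalid:3333\x00mining.subscribe\x00"})
REMOTE_CONFIG = build_sample(
    {"lib/armeabi/libminer.so": b"\x7fELF\x00mining.authorize\x00getwork\x00"})

if __name__ == "__main__":
    for label, apk in (("clean", CLEAN), ("static", STATIC_POOL), ("remote", REMOTE_CONFIG)):
        print(label, verdict(scan_apk(apk)), scan_apk(apk))
```

String matching of this kind is a first-pass heuristic: obfuscated or encrypted strings will not match, and a hit calls for manual review of the flagged file.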

Unlike the apps discussed above, a few apps showing the same behaviour have been found within the Google Play Store. ‘Songs’ and ‘Prized – Real Rewards & Prizes’ are apps that have been infected with a new yet similar malware known as ANDROIDOS_KAGECOIN.HBTB.

Mining Apps in Google Play

There is, however, a noticeable difference between the two variants: in the second case, mining only occurs while the device is charging, so that the increase in energy use won’t be noticed. These apps have reportedly been downloaded by, and affected, many Android device users. TrendLabs says it has informed the Google Play security team about the issue, as a result of which the apps are no longer available.

The attack is indeed clever, but phones do not have sufficient specs to work as effective miners. The report states that the cybercriminal earned thousands of Dogecoins. If we assume he or she earned 5000 Dogecoins, that is worth just $2.6 (value at the time of writing). Also, odd behaviour such as slow charging and overheating of the phone can alert the user to the presence of a miner.

